Twitter's descent into a gutter of the lowest order has been gut-wrenching:

Elon Musk’s Grok and the Mass Undressing Scandal

As I draft this, a week later, it appears pressure from civil society, investigations by regulators, and outright bans on multiple continents have forced Musk to back down to an uncertain degree.

As this scandal roiled, Twitter's apps have been continuously available in Google's Play and Apple's App Store, marking new lows in moral cowardice and non-enforcement of the duopolist's own policies.

Now we sit on tenterhooks, wondering if the worst has actually passed. What outrage the will valley's billionaire man-children unleash next? Meanwhile, we brace for this episode to embolden censorious authoritarians keen to extract more governmental power over the media and legitimate speech.

This is the backdrop to Elizabeth Lopatto's must-read denunciation in The Verge:

It is genuinely unbelievable to me that I wasted hours of my actual life on a court case where Apple explained it needed total control of its App Store to protect its users. Total control of the App Store was Apple’s main argument against antitrust enforcement: The company insisted that its monopolistic control of what users could install on their phones was essential to create a walled garden where it could protect children from unsafe content.

Ha! Ha ha ha!!

— Elizabeth Lopatto,
"Tim Cook and Sundar Pichai are cowards, The Verge"

Failure to react to the “everything app” going all-in on abuse of women and girls for weeks reveals the illegitimacy of their mobile monopolies¹; anyone pretending otherwise is a fool or a dupe.

We don't need to guess why they did it. Acting against Musk's abusive apps might put Apple and Google out of favour with an erratic, power-tripping administration which in turn could impact short-term business prospects. Choosing their own stated principles is incompatible with maximizing shareholder value under competitive authoritarianism.

Recall that both firms lent their monopolies on software distribution to ICE, citing the implausible claim that federal agents are a “vulnerable group.”

This new scandal is just the same choice in relief. Publishing the unthinkable at the behest of administration allies pays homage to power through obscenity. If they offend Musk…who knows what could happen? So maybe let it play out; let others take the heat. Surely somebody will do something. The internal monologue of the quisling scarcely needs exposition.

And so abuse at scale was amplified through their channels, against their own policies, for weeks.

Vertigo

The duopolist's justification for the necessity of monarchical app stores have always been bullshit, top to bottom, stem to stern.

App stores are not sui generis; they're just programs that install other programs, and "apps" are whatever the OS says they are.

As Cory Doctorow observed:

Apps interact with law in precisely the way that web-pages don't. “An app is just a web-page wrapped in enough IP to make it a crime to defend yourself against corporate predation”

It sure looks like Apple and Google failed to protect women and girls in order to preserve the rents they extract from the ecosystems these IP wrappers give them control over.

Gatekeepers like to point out that the wrapper comes with treats, but this is misdirection. Web apps could provide safe, privacy-enhancing versions of every capability they currently reserve to “native” apps, and the gatekeepers know it.

That's why Apple has worked furiously to keep APIs away from browsers through legal wrangling and subversion of standards. Cryptography and lawyers have also been enlisted to keep other programs-that-install-programs out and a safe, powerful open web at bay. Without those shields, we'd see the deeper failures clearly.

Consider the justifications Apple and its merry band of astroturfers trot out like clockwork to delay browser choice. Cupertino argues it must exclusively control browsers and software distribution to:

• Ensure device security
• Prevent frauds and scams
• Provide a bulwark for privacy
• Simplify software acquisition and distribution
• Keep a lid on the most objectionable content

We can see now that real protection on the last point comes not from the stores, but from governments. This realisation provides a template: each justification is an admission, a misdirection to cover for their own failures.

Let's take it from the top.

The Security Argument

Stores don't ensure security, runtimes do.

Operating systems and browsers — the platforms that sandbox code and mediate permissions — protect users to the extent they're designed to; app stores are just overwrought “beware of dog“ signs meant to scare off easily intimidated ne'er-do-wells. So it's no surprise that whenever app stores are trusted with the role, a trail of embarrassing failures follows.

This unearths the lie behind the obfuscation: iOS and Android didn't create app stores to deliver unheard of security — iOS 1.0 did that by removing unsafe native code and replacing it with the web; ChromeOS did the same for desktops shortly thereafter — no, the gatekeepers built the app stores because their OSes are insecure places to run native code.

There was no App Store on the original iPhone because it only ran third-party code on the world's most secure platform: the browser. When apps ran in the tightly sandboxed web, the presumption of safety reigned. It was only because iOS and Android were (and remain) fundamentally insecure for native apps that it became a necessity to introduce a store with iOS 2.0. It's no accident that this was when Apple retreated from making the safe, open, and interoperable web more capable.

Apple's App Store was a marketing answer to a brand-promise problem: what to do about a hole below the water line that Product and Engineering aren't just failing to patch, but are enthusiastically expanding instead?

The whole facade of the duopolist's power hinges on the false claim that stores create security. Without the need to paper over the disaster of carelessly dispensed power tools, none of the rest of the services the stores provide could be justified; certainly not at the ruinous prices they demand.

More recent, chest-thumping pronouncements need to be evaluated in the same light; these aren't heroic explorers of new frontiers, they're embarrassed students bluffing book reports for tomes they didn't read.

Instead of protecting us, app stores reward platform vendors for failure and foster centralising, anti-Open Source ecosystems. Open societies cannot abide closed platforms that assert ownership of this much of our lives, particularly not when claims of security are based on misrepresentations.

Frauds and Scams

In the narrow conception, the app stores are feckless. Taking a wider view, they're complicit, if not enabling.

In a strict legalistic sense of “fraud," the track record of app stores is abysmal. Take just one recent example: while loudly proclaiming to protect users from scams, Apple simultaneously facilitated wide-scale app impersonation at the launch of Sora.

For its part, Google routinely facilitates shocking amounts of ad fraud via Play. Stores failed to catch clearly fraudulent fronts for sanctioned Russian banks, and even bald-faced imposters have been a long-running problem. This is just the tip of the proverbial iceberg.

If we widen the aperture to let in adjacent classes of user abuse, it gets immeasurably worse.

Apple's policies purport to disallow use of the ultra-low-friction IAP systems for gambling:

5.3.3 Apps may not use in-app purchase to purchase credit or currency for use in conjunction with real money gaming of any kind.

This text is lawyered to sound like a curb on gambling addiction's worst effects. In reality, it's designed to facilitate the predatory “gambling lite” systems Apple and Google gleefully fostered.

For most of the mobile duopoly's existence, the primary revenue driver has been the problematic, gambling-adjacent behaviour of “digital whales” in so-called “casual games.”

And don't imagine the wilfully predatory behaviour is limited to adults. By allowing “bait apps” — even after previous FTC settlements that should have forbidden them — the app stores have shown us the duopolist's true colours. Serial disregard for the financial health of users is literally baked into their model.

This is the rotten core of app stores. Understood in POSIWID terms, mobile app stores exist to tax the problematic gambling of vulnerable users.

Privacy

App stores safeguard privacy the way packs of wolves safeguard flocks of sheep.

The only appropriate response to the two-faced, duplicitous claims by Apple and Google towards privacy in recent years is incandescent rage.

I've covered before how Apple's posturing against Facebook is nothing but kayfabe and how Cupertino's privacy arguments regarding alternative browsers are steaming piles of illogical nonsense.

In reality, our privacy problems have been multipled because of Apple and Google.

It was the duopolists that created APIs for persistent background access to your contacts, calendar, location, radios, battery levels, and much else besides. And they did this knowing full well it was going to lead to abuse. Remember, they exposed this information to all comers after having built browsers and web-based alternatives that could have been extended more thoughtfully.

It was the duopolists who handed those APIs to native apps from shady publishers like Facebook with less-than-thoughtful controls. And it was these very companies that failed to police even their mildest policies.

These same trillion-dollar market-cap firms simultaneously declined to do the one thing that had a chance of actually improving privacy: using their incredible lobbying capacity to call forcefully for privacy regulations worth a damn, preferring a market structure where they can posture against each other.

Solving the root issue might deprive them of a marketing tool, after all. And they have got away with it. Their press and product shops are keenly aware reporters don't understand privacy deeply enough to call their bluff, and that so-called privacy experts will happily clap for symbolic gestures.

Humiliatingly for the fourth estate, Cupertino and Mountain View's self-issued privacy participation prizes were never questioned. Indeed, credulous journalists continue to shower them with praise for steps away from the very worst excesses best measured in angstroms.

Apple have been allowed to take credit for foisting responsibility onto users while Google has faced no sustained questioning for just giving up, having never launched anything at all to structurally curb Android abuses.

Cynics might be inclined to think this was very much the point.

Indeed, the POSIWID description of these monopolies-on-apps-that-install-apps is that they exist to squash competition. Apple's not trying to keep alternative browsers off of iOS because they'll hurt privacy, they're keeping them at bay because they could provide an alternative. One that might challenge the (low) quality of Apple's offer while eliding Cupertino's ability to extract usurious taxes along the way.

Software acquisition and distribution

You know what the easiest way to get an app is? Clicking a link.

Apple literally pioneered this model with iOS 1.0, only to walk away from it when it chose to expose new, carelessly overpowered, unsafe-by-default APIs to developers with the introduction of native apps. Throwing away privacy and security made software harder to build and distribute, too, but deposited power over developers with OS gatekeepers. Over time, that power became addictive.

A more secure and privacy preserving model is still possible but the duopolists continue to suppress it. I can't speak out of school about all the ways Android and Play mirrored Apple's underhanded tactics to suppress PWAs, but suffice to say it was a lot.

Industrial-scale suppression of safe, privacy-respecting platforms has been packaged up in florid terms as an advantage for developers. Except developers hate mobile app stores. But you don't have to take my word for it.

Given the choice, developers would do exactly what the gatekeepers do when constructing billing, distribution, and marketing systems: shop around in an open market, based on standards-oriented technologies, and select the best fit for their needs.

This is exactly the model that gave rise to the web and to web search. Discovery for web apps isn't impossible for web apps without omnipotent app stores; it isn't even hard. If we can build search engines for web pages, we can also highlight sites that are installable. None of this is magic, and none of it requires a 30% take from the developer's budget.

Content Moderation

For the sake of completeness, we should stipulate here that an end to app stores, including a potential flowering of web apps and alternative browsers, would not meaningfully change the content moderation landscape.

We now have a powerful example of this counterfactual thanks to the Twitter/Grok episode. There is no safety to be lost when we replace the gatekeeper's app stores with a powerful, open, interoperable web. The app stores stand for nothing and will stand up to no-one. Good riddance.

The Rot of “Who Should Rule?”

Before the 2024 US elections, tech titans were well-enough advised to know which way the winds were blowing. But that did not stir them to defend truth, the rule-of-law, or even the employees that enabled their success. Instead, they hurried to capitulate. Today they sponsor coup-excusers pay vigs, grovel to people they surely loathe, and fund the literal destruction of America's institutions.

This month's failure to stand up for basic decency is just another link in that chain.

Having narrowed the running to two choices, mobile's masters always ask us to consider governing our phones through the authoritarian frame of "who should rule?"

But these aren't our only choices. As Popper retorts, the better question is "How can we so organize political institutions that bad or incompetent rulers can be prevented from doing too much damage?"

This isn't purely a political question, but applies to all of society's power structures. The callous indifference of the app store's billionaire managers (1, 2) when faced with an even moderately difficult call tells us that they cannot be trusted; this was the test, and the mobile overlords failed by their own terms.²

What's left for the rest of us to take on is how we dismantle the mechanisms our misplaced trust helped them build. This will not be easy, and an insightful commenter at The Verge restates the core problem:

This is true and fantastic reporting and why we need to pay for The Verge.

But, it begs the question, what do we do?

Do we opt out of the tech of the modern world to protest? Commitment to values isn’t what we talk about, it’s what we are willing to give up. A key problem is that we don’t have any real competition vs Apple or Google as platforms if we want to exist in the modern world or even have this conversation.

You can’t (easily) read this or participate from a Kobo or Lightphone. Anyone have any suggestions?

I dropped off Twitter and Meta, but I’m running out of options.

— Anonymous commenter,
"Tim Cook and Sundar Pichai are cowards, The Verge, Comments"

We aren't going to get anywhere by throwing our iPhones and Androids into the sea.

Credible, incremental steps that remove power from the gatekeepers are now demanded, and as I have previewed throughout this piece, the open web is that next step. It has all the properties we need to attenuate misgiven power: no single vendor control, based in standards, multiple OSS implementations, and most of all, portability.

The web is an abstraction that holds the power to liberate our computing in-situ, removing superfluous gatekeepers from the loop an increasing fraction of the time. As use of the web grows, so do the prospects for alternatives OSes and hardware ecosystems. They know this, and that's why they're trying to keep the web from winning.

Moving our computing to browsers and web apps won't protect us from Musk, but neither will Apple or Google.³ Now that we know that, we can at least start to claw back at the corrosive power of monopolists in our pockets by building for a future that doesn't depend exclusively on them.

FOOTNOTES

1. Some folks like to continue to pretend that the mobile duopoly still includes any serious competition for either player. I assume those people are paid to review phones for a living.

   As I outlined in this year's instalment of the Performance Inequality Gap series, the mobile market is actually two distinct markets: iOS for the rich, and Android for the rest. The average price for iPhones is hovering nearly $1K, while the average Android costs $300 new, unlocked. There is no functional competition between these ecosystems, and though they'll never admit it, that's a situation the duopolists are more than comfortable in, even if they don't particularly love it. ⇐

2. If it always falls to regulators to protect women and girls from Elon Musk and his Trumpian alliance, what is the point of Tim and Sundar? Of Play and the App Store?

   And if their policies are just fig leaves to justify rent extraction, why should any regulator listen to anything they say?

   These questions should be hair-on-fire in the capitols of functioning democracies. ⇐

3. It is not the most offensive thing about this episode by a country mile, but I am driven to distraction by how unbelievably stupid Apple and Google have become.

   Did Tim and Sundar really think that, having sniffed weakness once, Trumpist shake downs would pass them over the next time a pro quo could be extracted for the quid?

   Did they not understand that by participating in oligarchy they signed on to authoritarianism?

   Did they really fail to calculate that capitulation didn't lower their risks, only centralised them?

   This was all predictable. You don't have to look as far as Russia to understand that autocrats grant temporary loans of state power towards undemocratic ends to create leverage for themselves, not the borrower. And whatever the price, autocrats never stay bought.

   Everyone but the smartest people in the room knew that domination is a ladder, and now we're all paying the price. ⇐

It wasn’t until the end of our chat that I learned her name.

We made another short film last year. Here's the "back of the DVD case" pitch:

Penny's back, and so's the Red Button, thankfully right where she left it. But who's this Giant? And why's he so cute?

Red Button II: The Giant of Belvedere is 2025 Belvedere Home-Made Film Festival Official Selection

A Harrington Production

• Tavie Harrington - "Penny"
• Bear Harrington - "The Giant"
• Carly Harrington - Hair, Makeup, Costume
• Charlie Harrington - Writer, Director, Composer, Editor

My favorite moment of the film festival when Tavie received her filmmaker's participation statue:

"I can't believe I won my first trophy!"

Watch the 3-minute film now:

I love having this continuing, annual project with Tavie (and now Bear, too). She keeps bringing it up, bursting with ideas for the next one.

Another thing I've been trying to do is learning one new movie-making technique each year, and then use it as a major part of that year's film. The first year was "reversing" a clip -- hello, Red Button's time travel mechanism. This year was green screen. I borrowed some green screens (aka sheets) from the local library and then we did our best to rig up Bear's bedroom like The Mandalorian's The Volume. After some hilarious (out)takes, I fired up YouTube Shorts and spend 25 seconds learning how to use DaVinci Resolve just enough to do the green screen clips. What a world. You can definitely tell that I'm doing this with less than a minute's worth of training with the Giant's glowing green hair, but I'm still blown away by how YouTube can teach you literally anything in less than a bathroom break.

I also tried to create a storyboard this year:

Would be fun to try some actual storyboarding software for 2026. Which reminds me to also look into comic book / graphic novel software, because Tavie's getting really into Dog Man at the moment.

Some other highlights

• Bear!!
• My mom (Tavie and Bear's Nana) visited from NJ and came to the film festival
• Getting clips and fake interviews with random park-walkers who happened to notice my "edits" to the historical plaques to incorporate the history of the Giant (watch the film to know what I'm talking about).

Making movies is fun!

Penny will return in 2026.

But will the Giant?

New startup (minimally funded) nonprofits cannot solve systemic issues. They can raise awareness around these issues. They can pilot new and innovative ways to address them. But longevity is nearly impossible without a committed capacity-building fund and/or a capital engine. Philanthropy creates harm to these new nonprofits by funding them without also creating strong pathways […]

Highlights

• I added regional pricing for my book based on purchasing power parity.
• I created my first Flutter app.
• I’m writing my first cross-language library.

Goal grades

At the start of each month, I declare what I’d like to accomplish. Here’s how I did against those goals: